Oracle knew about currently exploited Java vulnerabilities for months, researcher says

Security Explorations reported 19 Java 7 security issues to Oracle on Apr. 2. Those issues included the two zero-day -- unpatched -- vulnerabilities that attackers are exploiting to infect computers with malware, Gowdiak said Wednesday via email.

The company continued to report Java 7 vulnerabilities to Oracle in the following months until the total number reached 29. "We demonstrated 16 full Java SE 7 sandbox compromises with the use of our bugs," Gowdiak said.